# !/usr/bin/env python
# -*- coding: utf-8 -*-
# @File  : sql注入(优化).py
# @Author: dongguangwen
# @Date  : 2024-08-11 12:54
import pymysql

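# Login lookup demo: read a user name and password, then look the pair up in
# the `students` table with a parameterized query instead of string building.

# Read the account name and password from the operator.
# NOTE(review): input() echoes the password on the terminal; the standard
# library's getpass.getpass() reads it without echo.
user = input('请输入用户名：')
password = input('请输入密码：')

# NOTE(review): the database address and the root password are hard-coded in
# the source. Anyone who can read this file (or its version-control history)
# gets full administrative access to the server. Load the secret from the
# environment or a protected config file, and connect with an account that
# only has SELECT on the table this script needs rather than root.
conn = pymysql.connect(host='192.168.1.9', port=3306, user='root', password='root12345678', charset='utf8', db='new_database')
try:
    # The cursor is a context manager, so it is closed even if execute() raises.
    with conn.cursor() as cursor:
        # The values are passed as the second argument, never formatted into
        # the SQL text. The driver escapes and quotes each bound value, so
        # quote characters or SQL keywords in `user` / `password` are treated
        # as data and cannot change the structure of the statement.
        # Keep the placeholders unquoted and never build this string with
        # `%`, `+`, `.format()` or an f-string: that would reintroduce the
        # injection this script is meant to avoid.
        #
        # Positional form of the same query:
        # cursor.execute("select * from students where name=%s and password=%s", [user, password])
        # Named-placeholder form (used here):
        cursor.execute("select * from students where name=%(name)s and password=%(password)s", {'name': user, 'password': password})

        # NOTE(review): the query compares the typed password directly with
        # the stored column, which implies passwords are stored unhashed.
        # A real login should store a salted hash and verify it in the
        # application. `select *` also returns the password column, and the
        # print below writes it to the terminal; select only the columns
        # that are needed.
        result = cursor.fetchone()
    # None means no row matched the supplied name/password pair.
    print(result)
finally:
    # Always release the connection, including when the query fails.
    conn.close()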
